ctf:public:hackover2016:tiny_backdoor_v1

Differences

Below are the differences between two revisions of the page.

ctf:public:hackover2016:tiny_backdoor_v1 [2016/10/17 06:28]
arthaum
ctf:public:hackover2016:tiny_backdoor_v1 [2016/10/17 06:29] (current version)
arthaum
Line 36: Line 36:
 </​code>​ </​code>​
  
-I am using the fact thatwhen the shellcode is called, the stack contains the returned address (that I pop in rbp), and then lots of zeros. Thus, ''​pop rax; pop rdi''​ just set ''​rax = rdi = 0''​. Also, ''​rsi''​ already contains ''​0x600136''​ so no need to change it.+I am using the fact that when the shellcode is called, the stack contains the returned address (that I pop in rbp), and then lots of zeros. Thus, ''​pop rax; pop rdi''​ just set ''​rax = rdi = 0''​. Also, ''​rsi''​ already contains ''​0x600136''​ so no need to change it.
  
 Finally, I wrote my second shellcode. It just calls ''​execve("/​bin/​sh",​ 0, 0)''​. Note that the string ''/​bin/​sh''​ is located in the second payload and ends up being at the address ''​0x600180''​. Here is my second shellcode: Finally, I wrote my second shellcode. It just calls ''​execve("/​bin/​sh",​ 0, 0)''​. Note that the string ''/​bin/​sh''​ is located in the second payload and ends up being at the address ''​0x600180''​. Here is my second shellcode:
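Review bot: the changed paragraph still has wording issues beyond the missing space in "thatwhen" that this revision fixes. "the returned address" should read "the return address", and "just set" should be "just sets". Both could be corrected in the same edit.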
ctf/public/hackover2016/tiny_backdoor_v1.txt · Last modified: 2016/10/17 06:29 by arthaum